<?php

/**
 * This file is part of TobbiVMShop.
 *
 * TobbiVMShop is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * TobbiVMShop is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with TobbiVMShop.  If not, see <http://www.gnu.org/licenses/>.
 */
/**
 * Start-Page for the Admin-Area
 *
 * Call without $post-Parameters opens the Start-Layout / Login-Form
 * In $post-Parameters you call the Main-Categories, if you have an
 * corresponding User-Level.
 *
 * @version    $Id$
 * @package    TobbiVM-Shop
 * @copyright  Copyright (C) 2012
 * @author     Norbert Gebert
 * @license    GPL3
 */
// Suppress error messages
// todo: In production environment necessarily set to 0!
error_reporting(1);
define('TOBBIVM', 1);
// Forcing the Session cookies are used and the SID is not transported by URL
ini_set('session.use_only_cookies', '1');
ini_set('session.use_trans_sid', '0');

// Start Session
session_name("admin");
session_start();
require_once('config.php');

include_once('module/class/validate.class.php');
$validate = new validate;
include_once 'module/login/login.php';

// init Templateengine
include_once('module/quickskin/_lib/class.quickskin.php');

// Init Connection to Database with prepared Statements
include_once('module/database/MysqliDb.php');
$db = new db(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME);
db::setPrefix(DB_PREFIX);

// Setting Language
include_once('module/class/language.class.php');
$language = new language('main', './language', LANGUAGE);
// Translate-File must be in ./language/$language/LC_MESSAGES/main.mo
// Make sure that the SID has been assigned by the server
// to make a possible session fixation attack ineffective

if (!isset($_SESSION['server_SID']))
{
	// Clear session
	session_unset();
	// Definitely go all the contents of the session are deleted
	//$_SESSION = array();
	// delete session
	session_destroy();
	// Start new session
	session_name("admin");
	session_start();
	// New server-generated session ID
	session_regenerate_id();
	// hold status
	$_SESSION['server_SID'] = true;
}


$_SESSION['active'] = false;
$login = false;
$update = false;
$fehlermeldung = '';

// If the form was submitted
if (isset($_POST['username']))
{
	// Benutzereingabe bereinigen
	$inputUsername = $validate->cleanslash($_POST['username']);
	$inputPassword = $validate->cleanslash($_POST['password']);
	// Login User
	$login = loginUser($inputUsername, $inputPassword);

	// Sign in was correct
	if ($login === TRUE)
	{
		// User identifiers store in DB
		$update = updateUser($inputUsername);

		if ($update)
		{
			// redirect to protected page
			header('location: index2.php');
			exit;
		}
		else
		{
			// TODO Error-Page for Login-Errors
			echo '<h3>Bei der Anmeldung ist ein Problem aufgetreten!</h3>';
			exit;
		}
	}
	else
	{
		// TODO Error-Page for Login-Errors
		$fehlermeldung = '<h3>Die Anmeldung war fehlerhaft!</h3>';
	}
}

// Login-Form
// Call Authentification-Page
$page = new QuickSkin('login.tpl.php');
include_once 'module/login/login.page.php';
// Config the Templateengine
$page->set('template_dir', TEMPLATE_PATH . '/');
$page->set('temp_dir', 'tmp/');
$page->set('cache_dir', 'tmp/');
// Image-Path
$page->assign('tpl_img', TEMPLATE_PATH . '/images/');
$page->assign('url_img', URL . '/' . TEMPLATE_PATH . '/images/');
// Template Javascript-Path
$page->assign('tpl_js', TEMPLATE_PATH . '/module/js/');
$page->assign('url_js', URL . '/' . TEMPLATE_PATH . '/module/js/');
// Template CSS-Path
$page->assign('tpl_css', TEMPLATE_PATH . '/css/');
$page->assign('url_css', URL . '/' . TEMPLATE_PATH . '/css/');
$page->output();
?>